HackDig : Dig high-quality web security articles for hacker

A few weekends ago, my dog bit me. In his defense, it was dark and I had tackled him unexpectedly to stop him from walking off our under-construction, railing-less deck. It hurt, but at the time I didn’t realize how critical my next actions would be. It was late, I had house guests, and I decided to dress the wound myself. But by the following afternoon, my

As recent attacks targeting sensitive, personal information at a number of high-profile institutions have demonstrated, it is not a matter of if, but when you will have to investigate a security breach. The law enforcement and intelligence communities are increasingly called upon to investigate and mitigate cyberthreats, often applying the same tools and met

First responders have proven time and time again the valuable help they provide to people in need. Right now, we’re seeing their bravery with the historic hurricanes, fires and floods impacting millions of people. What makes first responders confident in the face of such danger? One word: practice. And this lesson is translating to the private sector i

As more companies suffer breaches and leak private data online, it becomes harder for organizations to be transparent and establish trust with their customers. Recent incidents have shown that many experts underestimated the total impact of a data breach in terms of the actual number of users affected and the volume of data made public. Many companies take t

One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install l

Risk management is the process of identifying, assessing and controlling threats to an organization. It is also a way to increase the security maturity of an organization. Risk management allows you to think about security more strategically and answer the questions that come from your company board, such as:
How many times was the organization attacked?
Is

Security management can be proactive or reactive depending on each organization’s risk appetite. When attacks are made public, things change, and learning from threats becomes a requirement for both C-suite members and security leaders.
WannaCry, NotPetya and Industroyer are some of the most recently analyzed malware pieces. Apart from corporate networ

Endpoint attacks can come from any direction and many sources. Just consider the reported vulnerabilities found in Apache Struts and the damage caused by WannaCry and Petya. Companies need to stay one step ahead of endpoint attacks, but they struggle due to a lack of visibility of endpoint status, the complexity of investigations and ineffective remediation.

In recent years, several high-profile breaches involving customer data have led to long and costly litigations. These events demonstrated that data protection is more than just a cybersecurity concern.
When responding to a data breach, legal teams have to work closely with the chief information security officer (CISO) to ensure that security policies, r

Indicators of compromise (IoCs) are artifacts such as file hashes, domain names or IP addresses that indicate intrusion attempts or other malicious behavior. These indicators consist of:
Observables — measurable events or stateful properties; and
Indicators — observables with context, such as time range.
IoCs are crucial for sharing threat information and

The cybersecurity expert Stuart Peck, Director of Cyber Security Strategy, ZeroDayLab, shared its view on the Equifax data breach.
For those of you living under a rock this week, Equifax suffered a major breach in their security, which led to over 143 million records being stolen by attackers. The information held by Equifax is highly sensitive, especially f

Full disclosure: I would not eat guacamole for years because a certain puppet-centric movie I saw as a child had me convinced that it was actually made of frog brains. Once in college, however, seeing guacamole being made completely changed my opinion — unlike a sausage-making demonstration in a rather unfortunate public speaking class that same year of coll

Given the increasing volume of connected devices throughout society, Internet of Things (IoT) security should be a key consideration for businesses and consumers alike. Embedded in everything from our homes and cars to commercial and industrial manufacturing, IoT solutions are already providing significant benefits. As a result, IDC expects organizations to

The purveyors of modern threats are not trying to simply deface your website or own your web server. These advanced attackers are attempting to siphon critical and sensitive data from your network over long periods of time, and do so undetected.
Where Is Your Data?
When threat hunting, at a minimum, you should know where your critical data is stored and how

It’s hard to escape the reality that every day, cyberthreats morph and expand, escalating the need to improve and tighten security operations and response practices. While it may feel overwhelming, there are ways to help level the playing field. Cognitive computing and machine learning are new technologies that can empower security practitioners to foc